Some entities will trigger the need for their first Single Audit after receiving federal funds from the government related to the Covid-19 pandemic. Single audits are performed by independent auditors and encompass both financial and compliance components. The compliance component has two distinct areas - the grant specific compliance requirements and internal control over compliance.
What's the difference between an annual financial audit and a single audit?
Federal single audits differ slightly from other types of audits, through their focus on compliance. The grantor determines the requirements that are subject to audit, and an auditor evaluates which of those are required to be audited. The audit will evaluate and test the internal control processes implemented over each grant requirement. In addition, a single audit will test that you are in compliance with the grant requirements.
A federal single audit is required when you spend more than $750,000 of federal funds in one year, regardless of whether those federally-sourced funds came directly from the federal government or were passed through from a state or local government.
What type of testing will my auditor perform during my single audit?
The first step will be for the auditor to determine which award will be audited as a “Major Program” using a risk-based approach. As part of the process, the auditor will consider current and prior audit experience, oversight by federal agencies and pass-through entities, and the inherent risk of the federal program. Here is the four step process used by auditors to determine which programs are to be audited as major programs.
Step One: Identify Type A Programs
The auditor will identify Type A programs which are federal programs that have expended federal awards during the audit period based on the table below. Federal programs that are not characterized as Type A, will be characterized as Type B programs.
Adjusting for large-loan program balances
The inclusion of large loan and loan guarantees (loans) will not result in the exclusion of other programs as Type A programs. When a federal program providing loans exceeds four times the largest non-loan program it is considered a large loan program. The auditor will consider the program as a Type A program and exclude its amounts in determining other Type A programs. The recalculation of the Type A program is performed after removing the total of all large loan programs. For biennial audits permitted under § 75.504, the determination of Type A and Type B programs must be based upon the federal awards expended during the two-year period.
Clusters are treated as one program even though they may have multiple Assistance Listing or AL numbers (formerly CFDA number).
Step Two: Identify Low-Risk Type A Programs
The auditor will identify Type A programs which are low-risk. In making this determination, the auditor will consider whether the requirements in § 75.519(c), the results of audit follow-up, or any changes in personnel or systems affecting the program indicate significantly increased risk and preclude the program from being low risk. For a Type A program to be considered low-risk, it must have been audited as a major program in at least one of the two most recent audit periods (in the most recent audit period in the case of a biennial audit),
Note - American Rescue Plan (ARP) programs was passed in March 2021, the new ARP programs would not have been audited in one of the two most recent audit periods for audits subject to the 2021 Compliance Supplement. Therefore, generally new ARP Type A programs must be audited as a major program.
In addition, in the most recent audit period, the program must have not had:
(i) Internal control deficiencies which were identified as material weaknesses in the auditor's report on internal control for major programs as required under § 75.515(c);
(ii) A modified opinion on the program in the auditor's report on major programs as required under § 75.515(c); or
(iii) Known or likely questioned costs that exceed five percent of the total Federal awards expended for the program.
Federal agencies can request that programs not be considered low-risk for certain recipients. Additional information regarding programs with a "higher-risk" designation can be found in Appendix IV of the 2021 Compliance Supplement. Check out the Compliance Supplement Overview to learn more about the various sections within the Compliance Supplement.
No Low-Risk Type A Programs
If there are no low-risk Type A programs then step 3, identifying high-risk Type B programs, is inapplicable. Go to Step Four: Major Program Determination.
Note - Step three is inapplicable, because the programs that are identified as high risk Type B is based on what is identified as low-risk Type A. Therefore, if there are no low-risk Type A programs identified, no high-risk Type B programs can be identified.
Step Three: Identifying High-Risk Type B Programs
The auditor identifies the Type B programs by using their judgment and considering various risk factors such as:
The program's complexity, size, and length of time established
Significant changes in personnel, grant requirements, statutes, and regulations
Prior audit findings and internal control weaknesses
Programs that have not been recently audited as a major program
Communication from the federal oversight agency regarding prior issues
Auditors are not required to identify more than at least one-fourth the number of low-risk Type A programs. In addition, an auditor is only required to perform risk assessments of Type B programs that exceed 25% of the Type A threshold. If all of the Type B programs are less than this amount, then none are assessed and step three is inapplicable.
No High-Risk Type B Programs
There is the possibility that there are no Type B programs identified as high risk and the auditor would not test them as major programs. If there are multiple Type B programs, auditors will most likely not identify all of them during the audit period, as they would then all need to be tested. Therefore, to allow for different high-risk Type B programs to be tested as major over a period of time, auditors will most likely use a rotation approach to identify and test a different high-risk Type B program each audit period.
An auditor is not expected to perform risk assessments on relatively small Federal programs. Therefore, the auditor is only required to perform risk assessments on Type B programs that exceed twenty-five percent (25%) of the Type A threshold determined in Step One.
Step Four: Major Program Determination
At a minimum, an auditor will audit all of the following as major programs.
All Type A programs not identified as low risk
All Type B programs identified as high-risk
Any additional programs needed to comply with the percentage of coverage rule
The percentage of coverage rule is 20% for low-risk auditees and 40% for those that are not low-risk auditees.
Low-Risk Auditee
An auditee must meet all of the following conditions for each of the preceding two audit periods to qualify as a low-risk auditee:
An annual Single Audit was performed and the reporting package was timely filed with the Federal Audit Clearinghouse.
The auditor issued an unmodified opinion on the financial statements and on the schedule of expenditures of federal awards (SEFA).
There were no internal control material weaknesses in the Yellow Book report.
The auditor's opinion did not report substantial doubt about the entity's ability to continue as a going concern.
AND
No federal programs had findings from any of the following in the preceding two years:
There were no material weaknesses in internal control for a major program.
There were no major programs with a modified opinion.
There were no known or likely questioned costs that exceeded five percent (5%) of the total federal awards expended for a Type A program during the audit period.
Testing will begin once the major program determination is complete. Auditors use the Compliance Supplement in designing audit procedures. Auditees can also leverage the compliance supplement to gain in depth knowledge of what their auditor will review. To learn more about the structure of the compliance supplement, please visit our Compliance Supplement Overview.
If you need a Single Audit or require help when preparing for a Single Audit, our team is ready to get started.